Which of the following formats are valid for a Splunk REST URI?
Options:
A.
host:port/endpoint
B.
scheme://host/servicesNS/*/
C.
$SPLUNK HOME/services/endpoint
D.
scheme://host:port/services/endpoint
Answer:
D
Explanation:
Explanation:
The valid format for a Splunk REST URI is scheme://host:port/services/endpoint. This format specifies the scheme (http or https), the host (the Splunk server name or IP address), the port (the Splunk management port, usually 8089), the services prefix (which indicates a Splunk REST endpoint), and the endpoint (the specific resource or action to access). The other formats are either incomplete or invalid. For more information, see About the Splunk REST API.
Question 21
In a DELETE request, what would omitting the value of _key from the REST endpoint do?
Options:
A.
Clean the KV store, deleting all content.
B.
Produce the syntax error “Key value missing”.
C.
Cause all records in a collection to be deleted.
D.
Mean that the _key value must be passed as an argument.
Answer:
C
Explanation:
Explanation:
The correct answer is C, because omitting the value of _key from the REST endpoint would cause all records in a collection to be deleted. The _key is a unique identifier for each record in a KV Store collection. The REST endpoint for deleting a record from a collection is /storage/collections/data//, where is the name of the collection and is the value of _key. If the is omitted, the REST endpoint becomes /storage/collections/data/, which deletes all records in the collection. The other options are incorrect because they are not the consequences of omitting the value of _key from the REST endpoint. Cleaning the KV store, deleting all content would require deleting all collections, not just one. Producing the syntax error “Key value missing” would not happen, because the REST endpoint is valid without the value. Meaning that the _key value must be passed as an argument would not make sense, because the argument is the same as the value in the REST endpoint.
